While configuring a new server for sendmail, it is a good practice to install DKIM to sign outgoing messages. OPENDKIM is usually my choice, but on Amazon Linux 2023, opendkim is currently not available in the official distribution. After a bit of searching, I could not find an up-to-date guide that worked, so I had to work it out myself. Hopefully you will find these instructions useful. Please post a comment if you have trouble or need additional help.
First, try to install from the official distribution. Maybe it’s there now?
sudo yum install opendkimIf you’re like me, you got something that looks like this.
Detailed instructions will follow, but first some assumptions:
• You have a fresh vanilla Amazon Linux 2023 ec2 instance. If you don’t have one, get one! If you need help, contact me. These instructions will likely work on any ec2 instance, but no guarantees
• You have shell access to the ec2 instance either through SSH or some other means. The following commands will be entered into the command line shell. If you need help with this, contact me.
If you’re all set, here’s an outline of what we’re going to do.
- Install the prerequisites needed to compile. Any of these you already have installed will be skipped.
- Download source code for opendkim
- Modify ‘configure’ to skip past some outdated library checks
- configure/make/install as usual
1. Install the prerequisites
These should be all of the prerequisites for building opendkim. This includes all of the build tools and shared libraries needed for linking. We’re also starting a bash shell here as ‘root’, so all subsequent commands will have super user privilege.
sudo bash
yum install sendmail-devel openssl-devel libbsd-devel autoconf automake libtool2. Download and unzip the code
opendkim hasn’t been updated in a while. The latest version I could find was 2.10.3 on sourceforge. If you use any other source distribution, these instructions will not help you. Download 2.10.3 from Sourceforge like this
wget https://downloads.sourceforge.net/project/opendkim/opendkim-2.10.3.tar.gz
tar -xvf opendkim-2.10.3.tar.gz3. Modify configure
The existing ‘configure’ file includes some outdated checks for openssl shared libraries. Newer openssl libraries renamed some of the functions, so these checks no longer work, and if you installed the openssl prerequisites above, they’re really not necessary. Let’s just edit them out. NOTE…. We’re editing out specific line numbers from the configure file!!! If you find an opendkim source package OTHER than 2.10.3 above, you’ll probably end up with an unusable configure after you do this.
cd opendkim-2.10.3
mv configure configure.old
cat configure.old | sed '16732,16862d' > configure
chmod +x configure4. Make and install
The usual
./configure
make
make installYou should now have a working opendkim!!! Instructions for configuring and running opendkim are outside the scope of this document, but should be the same as other instructions you find online. Now that you have it built and installed, you can find that information in the man page or by doing a bit of googling.
Confirming opendkim is built with OpenSSL:
man opendkim